Today one of the fastest medium used by malware for infection is removable drives. Worms used it to replicate faster, once your removal drive come in contact with infected system it gets infected automatically by the malicious services running in system, one of the first task done by malicious services is to create AUTORUN information file into Removable drive for further propagation.
Now once you open these infected Removable Drives in any PC, AUTORUN file do there task, but question is How?
Actually AUTORUN file contains code for executing infected executable file instantly which were copied earlier somewhere in Removable Drives by malicious services.
The code within AUTORUN information file looks something like this:
In the above script recycler is a folder in removal drives which contain infected executable file (copied earlier by malicious services) that is now being used by AUTORUN file for propagation.
Here we can protect our Removal Drives against these worms by restricting changes to Autorun.inf file.
Step1: Create four folders in the root directory of your Removable drive with name Autorun.inf, Recycle, Recycler and Recycled.
Step2: Go to Start>Run and type cmd to open Command Prompt
Step3: Now type below command one by one
attrib autorun.inf /s /d –a +s +r
cacls autorun.inf /c /d administrators
Step4: Repeat Step3 for Recycle, Recycler and Recycled.
Here in the above procedure attrib command is used to set the folder attributes and cacls is used to set the privilege label to deny access for members of administrators group.
Once you have completed this task successfully you won’t be able to delete, rename, modify, copy or open these folders and this also prevent Malicious services running in any system to modify or copy infected files into Removable Drives.[/b]
Originally Posted on whitehatGuru.net/blog